Hi Mark,
I already have this configuration, but it stopped working after I enabled my
password policy. Another thing is that the error changed; it's not the same as
when the prehashed config was missing and my password was set to off.
On Wed, Sep 26, 2018, 16:47 Mark Reynolds <mreynolds(a)redhat.com> wrote:
Hi Alberto,
Only Directory Manager or a Password Admin can add pre-hashed passwords.
It has nothing to do with password policy settings. For more on password
admins see:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10...
HTH,
Mark
On 09/26/2018 02:31 PM, Alberto Viana wrote:
I have a password applied globally like this:
dn: cn=cn\3DnsPwPolicyEntry\2CDC\3Dmy\2CDC\3Ddomain,cn=nsPwPolicyContainer,dc=my,dc=domain
passwordLockout: off
passwordGraceLimit: 50
passwordWarning: 86400
passwordInHistory: 3
passwordMinLength: 8
passwordMinCategories: 3
passwordStorageScheme: SSHA512
passwordChange: on
passwordMaxAge: 31536000
passwordCheckSyntax: on
passwordExp: on
objectClass: top
objectClass: ldapsubentry
objectClass: passwordpolicy
cn: cn=nsPwPolicyEntry,DC=my,DC=domain
In a sub OU, I have this policy:
# cn\3DnsPwPolicyEntry\2Cou\3DPOPS\2COU\3DEXTERNOS\2Cou\3Dmy\2Cdc\3Dmy\2Cdc\3Ddomain, nsPwPolicyContainer, POPS, EXTERNOS, my, my.domain
dn: cn=cn\3DnsPwPolicyEntry\2Cou\3DPOPS\2COU\3DEXTERNOS\2Cou\3Dmy\2Cdc\3Dmy\2Cdc\3Ddomain,cn=nsPwPolicyContainer,ou=POPS,OU=EXTERNOS,ou=my,dc=my,dc=domain
passwordLockout: off
passwordGraceLimit: 50
passwordStorageScheme: SSHA
passwordChange: on
passwordMaxAge: 31536000
passwordCheckSyntax: off
passwordExp: off
objectClass: top
objectClass: ldapsubentry
objectClass: passwordpolicy
cn: cn=nsPwPolicyEntry,ou=POPS,OU=EXTERNOS,dc=my,dc=domain
But when I try to add a prehashed password on this sub OU, I see this kind
of error:
LDAP: error code 19 - invalid password syntax - passwords with storage scheme are not allowed
Is this expected behavior even if in the sub OU I have a password policy
with passwordCheckSyntax set to off? If so, do I have any way to disable
this behavior? (But I cannot disable my global password policy.)
PS: The password policy is respecting the fact that passwordCheckSyntax is
set to off when I try to add a simple password like '1234'.